I have submitted three samples to DrWeb in the last two months. One was a live undetected trojan. Two were false positives detected by DrWeb heuristic. They were all dealt with in less than two hours. I submitted the trojan late in the evening (I presume I submitted the sample to Russia? I live in Sweden.) and they had someone there who took care of it quickly.

I do not submit too often though (I just don't attract malware), maybe two or three times a year. All forwarded from friends.

I submit samples very often (about 30-50 per month or even more). Of course sometimes I don't have time to "get them". Just today I've submitted something to ESET and it was added. Hope they'll be so fast every time.

If I find something I think is malware I test it on VirusTotal/sandbox etc. to see if it is really 'dangerous', then send it to those on VirusTotal that don't detect it. There are a few AV companies that rarely (or never!) add anything I send, so I gave up on those a long time ago and don't bother sending anything to those ones. But most are quick and efficient at adding the samples I send.

I asked this question because I saw a lot of complaints about many FPs or even real threats that weren't fixed in time or at all. I was wondering if users are doing something to help the developers.
I know I did in the past for Eset, but I've never tracked back whether they made any change. Do you think they should answer every submission they receive? I know I would feel better if they did, but I don't think that's possible.


There have been many complaints about Eset not adding submitted samples properly. I would appreciate a reply whenever I submit samples, but I realise that it may be difficult to provide individual analysis reports for thousands of files. So, basically a short message like "Hello, we have added your samples" is good enough for me.

In this regard I appreciate the BitDefender and Virus Chaser support team as they have always replied to all my submissions.

Do you think they should answer every submission they receive? I know I would feel better if they did, but I don't think that's possible.


Drweb and Prevx1* answer back and tell me what their conclusion is, quite fast too. I definitely feel better knowing that I have contributed (i.e. get feedback) and it motivates me to send samples. Knowing that they take it seriously. Otherwise it just feels like throwing things in a black hole, where's the fun in that?

* I forgot to mention in my earlier post that I have submitted samples to Prevx1 too.

I've noticed that certain companies also have an e-mail address for sample submission, not only the module in the software.
How do you send them? I think there are better chances to get a reply when using a classic e-mail.


By classic email, usually to the support teams of the various companies (exceptions: McAfee, Eset, Dr.Web). IMO it's better to simply send out a classic email to the support teams, it gets you a more satisfactory response.

I never send samples before I check them with a few multi-engine scans first. It allows you to know if it is because your AV is improperly configured or a false positive. It also allows you to know which other AVs actually detected it. It also has an auto submission to all the member companies. As such you send the samples to a large number of antivirus makers instead of just one.

Also, for those interested in finding out what the virus names may be from one AV to another, you can use the vgrep database.
It's DOS but it works great while at client sites doing research on a nasty virus. Here is the link for it: http://www.virusbtn.com/resources/vgrep

Here is an example of a successfully submitted virus sample with a positive result:

Question. Based on the above, where the update section for each vendor is, does that mean that F-Prot and Authentium were the first to add it to their updates?


It only means at the time of the scan the reported database of different products did or did not assign a name or did not detect it at all. In the case of the Stration virus my own AV had to update the DAT files at least 6 times within a 14 hour period. Between updates submitting new variants would report a failed detection. While some other AVs would actually already detect it... nasty piece of work that Stration bug...